A system and method for generating remediated instructions that complies with one or more policies that specify constraints for computer executable instructions. The remediated instructions are generated based at least in part on an evaluation of a set of straight-line paths of the set of executable instructions and an execution flow for the set of straight-line paths.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method, comprising: obtaining one or more policies associated with a set of program instructions for an executable computer program, wherein the one or more policies indicate a time constraint for execution of the computer program; identifying a policy violation by evaluating the one or more policies and the set of program instructions; generating, based at least in part on the policy violation, remediation instructions; and inserting the remediation instructions into a routine of the set of program instructions running in a virtual computing environment to modify the routine in response to the set of program instructions violating the one or more policies while running in the virtual computing environment, wherein the remediation instructions cause the set of program instructions to be in compliance with the one or more policies.
2. The computer-implemented method of claim 1 , wherein the policy violation is added to a collection of policy violations as a result of determining that a number of iterations of a loop can exceed a threshold during evaluating a set of execution flows, a set of straight-line paths, and a set of path times.
3. The computer-implemented method of claim 1 , wherein the set of program instructions is a hypervisor plug-in configured to have direct access to hardware of a computer system.
4. The computer-implemented method of claim 1 , wherein the remediation instructions cause the set of program instructions to comply with the one or more policies by terminating a loop after a specified number of iterations.
5. The computer-implemented method of claim 1 , wherein inserting the remediation instructions comprises: obtaining from the one or more policies an overall time budget for execution of the set of program instructions; determining a remaining time budget by deducting a set of path times from the overall time budget; determining, based at least in part on a remaining time budget, a limit to a number of times that instructions in a straight-line path of a set of straight-line paths are allowed to be repeated; and selecting the remediation instructions such that, when inserted into the set of program instructions, the number of times that instructions in the set of program instructions corresponding to the straight-line path will repeat when executed is limited.
6. A system, comprising: memory to store instructions that, as a result of being executed by one or more processors of the system, cause the system to: obtain one or more policies indicating a set of executable instructions, wherein the one or more policies indicate a time constraint for execution of the set of executable instructions; evaluate the one or more policies and the set of executable instructions to determine a policy violation; generate, based at least in part on the policy violation, remediated instructions; and insert the remediated instructions into a routine of the set of executable instructions running in a virtual computing environment to modify the routine in response to the set of executable instructions violating the one or more policies while running in the virtual computing environment, wherein the remediated instructions cause the set of executable instructions to be in compliance with the one or more policies.
7. The system of claim 6 , wherein: portions of the set of executable instructions are annotated with annotations to distinguish a first part of a computer program from a remainder of the computer program; and the system identifies the remediated instructions to comply with the annotations.
8. The system of claim 6 , wherein the memory further includes instructions that, as a result of being executed by the one or more processors, cause the system to provide human-readable information indicating differences between the set of executable instructions and the remediated instructions.
9. The system of claim 6 , wherein the instructions further include instructions that, as a result of being executed by the one or more processors cause the system to: generate a set of straight-line paths from the set of executable instructions, wherein each straight-line path in the set of straight-line paths comprises non-branching segments of the set of executable instructions; generate a set of execution flows from the set of executable instructions, wherein the set of execution flows indicates an order of execution of the set of straight-line paths; and generate a set of path times corresponding to the set of straight-line paths.
10. The system of claim 9 , wherein the set of execution flows, the set of straight-line paths, and the set of path times are determined not to comply with the one or more policies as a result of an evaluation indicating an execution time for the set of executable instructions is in excess of a time constraint.
11. The system of claim 6 , wherein the remediated instructions are produced and inserted at a specific location into the set of executable instructions.
12. The system of claim 11 , wherein the instructions that cause the system to produce the remediated instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the system to: generate the remediated instructions for terminating a loop after a determined number of iterations; and insert the remediated instructions into the set of executable instructions.
13. The system of claim 11 , wherein the instructions that cause the system to produce the remediated instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the system to: generate the remediated instructions for exiting from a recursive function after a determined nesting depth is attained; and insert the remediated instructions into the set of executable instructions.
14. A non-transitory computer-readable storage medium comprising executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to: obtain one or more policies indicating a set of executable instructions, wherein the one or more policies indicate a time constraint for execution of the set of executable instructions; evaluate the one or more policies and the set of executable instructions to determine a policy violation; generate, based at least in part on the policy violation, remediated instructions; and insert the remediated instructions into a routine of the set of executable instructions running in a virtual computing environment to modify the routine in response to the set of executable instructions violating the one or more policies while running in the virtual computing environment, wherein the remediated instructions cause the set of executable instructions to be in compliance with the one or more policies.
15. The non-transitory computer-readable storage medium of claim 14 , wherein the one or more policies include time constraints that correspond to a service-level agreement.
16. The non-transitory computer-readable storage medium of claim 14 , wherein a set of execution flows comprises a graph of vertices connected by edges, wherein each of the edges corresponds to a straight-line path of a set of straight-line paths.
17. The non-transitory computer-readable storage medium of claim 16 , wherein the set of executable instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the computer system to: generate a set of path times corresponding to the set of straight-line paths, wherein each path time of the set of path times is generated by determining a number of instruction cycles sufficient to execute each instruction in a corresponding straight-line path of the set of straight-line paths; and evaluate whether the set of execution flows and the set of straight-line paths comply with the one or more policies includes evaluating whether, based at least in part on the set of path times, execution of the set of straight-line paths in an order of execution specified by the set of execution flows exceeds a limit of instruction cycles specified in the one or more policies.
18. The non-transitory computer-readable storage medium of claim 17 , wherein each path time of the set of path times further comprises a confidence score indicating likelihood that a corresponding straight-line path will complete execution within each path time.
19. The non-transitory computer-readable storage medium of claim 18 , wherein as a result of the confidence score being less than 100%, then the remediated instructions are produced by at least inserting a watchdog timer into the set of executable instructions.
20. The non-transitory computer-readable storage medium of claim 18 , wherein the corresponding straight-line path corresponds to a first path time with a first confidence score and a second path time with a second confidence score.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
September 17, 2014
September 17, 2019
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.